Setting up Basic Apache Authentication through .htpasswrd... Not working? - apache

So I am trying to run just a basic demonstration website using apache. I'm very new to the whole schema of how it works so I'm just testing basic authentication using both .htaccess and .htpasswrd to see if it will actually prompt. So far it has not. My current directory for my site on my pc (Centos 7) is /var/www/html/index.html is where my site is. and my conf files are located in /etc/httpd/(sites-available)/(sites-enabled) to where both files have this configuration :
#Basic Appache Config file for Demo site
Listen 127.0.0.1:80
<VirtualHost 127.0.0.1:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride ALL
Require all granted
</Directory>
</VirtualHost>
I figured this using .htaccess would yield the result I wanted.. and have also tried to do this method:
<Directory "/var/www/your_domain">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
Neither of these has prompted my website for authentication whenever I go on firefox/chrome and go to local host. I have reset appache (httpd), multiple times, as well as disabled and re-enabled it to see if it was just that but also no luck. Any other recommendations I could try here? Or is it an error of syntax/httpd? Thanks to anyone with advice!

Related

Ubuntu | Apache - No permission to request ressource after changing DocumentRoot

I am currently setting up a development environment with Apache and Ubuntu for a Git project.
However, when I adjust the documentRoot under sites-availabe, I get the message "403 Forbidden" by calling the site in the browser.
The default directory under /var/www/html can be displayed without any problems.
However, if I change the path to /var/www/my-project.com, I get the 403 message.
I also copied the permissions from the folder "html", so there shouldn't be any problems here.
000-default.conf
ServerAdmin xxx#xxx.xx
DocumentRoot /var/www/xxxxx.com
ServerName xxxxx.com
ServerAlias www.xxxxx.com
apache2.conf
<Directory />
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
/etc/hosts
127.0.0.1 localhost
127.0.1.1 hostname
127.0.0.1 xxxxx.com
Permissions of /var/www/xxxxx.com
drwxrwxr-x 7 user:www-data
I have also completely reinstalled Apache, but that didn't help either.
(Im using Ubuntu 20.04 with Apache 2.4)
I would be very grateful for any help.
Edit: Also after copying the files to the html directory ends up in 403 when calling specific files. But i still can call the standard index.html from apache.
I found my problem. Because im really new to Ubuntu i didn't recognized the broken Symlink. After recreating it with
ln -s sourceDirectory newLinkDirectory
all works just fine

Allow Amazon CDN to bypass HTTP Basic Authentication

I am trying to allow Amazon CDN to access the resources on my password-protected staging site (HTTP Basic Authentication).
This is the code I have in the httpd.conf file for it:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName staging.domain.com
DocumentRoot /var/www/html
<Directory "/var/www/html/">
Options Indexes MultiViews FollowSymLinks
AllowOverride all
AuthName "Development Access"
AuthType Basic
AuthUserFile /path/to/password.htpasswd
Require valid-user
SetEnvIf User-Agent "^Amazon.*" cdn
Order allow,deny
Allow from env=cdn
</Directory>
</Virtualhost>
I'm using SetEnvIf to assign a variable if the user agent is Amazon and then just allowing it, but this is not working. Can somebody please help me out with this one?
the problem is that a valid user is required to get to the content, indifferent of the user agent used.
Give this article in the Apache Manual a read, specifically take a look at the RequireAny bit. That allows you to setup the rules with the complexity you require. Your config code would look something like this.
SetEnvIf User-Agent "^Amazon.*" cdn
<RequireAny>
Require valid-user
Require cdn
</RequireAny>
This only works on Apache 2.4 upwards. On 2.2 you can look at this article in the Apache Wiki and specially to the Satisfy Any directive. Hope this helps.
If you have Apache 2 and possibly the requirement to access the resources with HTTP Auth, this has worked for me:
<Directory /var/www/yourwebdirectory>
SetEnvIf User-Agent "^Amazon.*" cdn
AuthUserFile /etc/apache2/.htpasswd.forthissite
AuthType Basic
AuthName "My Files"
Require valid-user
Order allow,deny
Allow from env=cdn
Satisfy Any
</Directory>

Apache2 password protected Vhost configuration

I have a problem with a password protected vhost on apache2 and debian (7).
It's a server which hosts several vhost. They are all online for now. I need to restrict access only for one of them. (www.acticia.net)
I do not want to use .htaccess while it is not the correct way for apache.
Here is my vhost conf in site-available :
<VirtualHost *:80>
ServerAdmin admin#acticia.net
ServerName acticia.net
ServerAlias www.acticia.net
DocumentRoot /var/www/acticia.net/
<Directory /var/www/acticia.net/>
AuthType Basic
AuthName "Authentication required"
AuthUserfile "/etc/htpasswd/.htpasswd"
Require valide-user
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/acticia.net-error_log
TransferLog /var/log/apache2/acticia.net-access_log
/etc/htpasswd/.htpasswd has been generated by htpasswd (from apache2)
The site claims that "Authentication required", ask for a login and a password then, ask it again, and again and again ...
Tested under chorimum and iceweasel (up to date for a deb7).
I read apache2 wiki, apache2 docs and a certain part of the www for this subject, didn't understood my mistake !
Thanks for the helps guys !
Require valide-user should be Require valid-user

.htaccess not working at all

I've got a file accessible through my web website by typing http://www.mywebsite.com/myfile and the server run on debian.
I'd like to put an authentication with a .htaccess and .htpasswd when trying to access to previous url.
I'm quite new to .htaccess and I tried to configure it with the doc but it doesn't seems to work since when i try nothing change and when i check the error log I've got :
[error] [client IP] client denied by server configuration:
/home/file1/myfile/www/.htaccess
The content of my .htaccess is :
<Directory /home/file1/myfile/www/>
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentication"
AuthType Basic
Require valid-user
Otions Indexes FollowSymLinks Multiviews
AllowOverride All
Order allow,deny
allow from all
Redirect permanent /.htaccess http://www.mywebsite.com/myfile
ServerSignature Off
</Directory>
How may I solve this problem please ?
You can't use a <Directory> container in an htaccess file. Remove them so you just have:
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentication"
AuthType Basic
Require valid-user
Options Indexes FollowSymLinks Multiviews
AllowOverride All
Order deny,allow
deny from all
Redirect permanent /.htaccess http://www.mywebsite.com/myfile
ServerSignature Off
(you have Otions mispelled)
Also, by looking at your error, it looks as if you were trying to access the htaccess file directly, instead of myfile. It's possible there's extra configuration on the server to deny accessing htaccess files (or all files that start with a .).
It seems that deleting et creating again the user is enough to fix the FTP connexion problem.
I've modified my global apache configuration with the following :
DirectoryIndex index.html index.htm index.xhtml index.php index.txt
ServerName debian.domain.tld
#ServerName localhost
HostnameLookups Off
ServerAdmin myadressemail
UserDir www
UserDir disable root
<Directory />
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
ServerSignature Off
An now my .htaccess is :
AuthUserFile /home/file1/myfile/.htpasswd
AuthGroupFile /dev/null
AuthName "My authentification"
AuthType Basic
Require user user1
But I still have got no authentication asked, what did I do wrong ?

How to allow writing to files via Apache and WebDAV

I am having trouble understanding how I can get to edit files on a WebDAV setup. I have set up the Auth correctly, as verified by loads of online tutorials, yet there are some files like .htaccess which I can't edit.
The contents of the VirtualHost setup are
<VirtualHost *:80>
ServerAdmin xxx
ServerName xxx
DocumentRoot /data/www/vhosts/xxx
<Directory /data/www/vhosts/xxx>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Location />
DAV On
AuthType Basic
AuthName "WebDAV Access"
AuthUserFile /data/www/.htpasswd-webdav
Require valid-user
</Location>
</VirtualHost>
I've generated the correct username in the file too, and I can log in successfully and see all the files. Like I say, the problem is that certain files are unreadable and unwritable, the main culprits being .htaccess and .gitignore.
I have set the permissions on all files to 664 and all folders to 775 and a user:group of xxx:www-data. The reason being that this allows PHP to read/write the files ok, and our remote login user xxx to do the same without permissions issues.
Is there something specific I need to do to allow reading writing to these hidden dot files? I'm completely stumped, as most tutorials I've read are telling me that if I don't set the rights on dot files to root:root then they will be writable. I am using a Mac to connect to the WebDAV service, which runs on Ubuntu, if this makes any difference
Just for clarity, all of the xxx in this question is to hide info.
So it seems that I can allow access to specific files using the below
<Files .htaccess>
order allow,deny
deny from all
</Files>
I forgot that .htaccess files are blocked over HTTP by default.
EDIT:
The final working setup, to make all files writeable in the webdav environment, with Digest secure authentication is:
<VirtualHost *:80>
ServerAdmin xxx
ServerName www.domain.name
DocumentRoot xxx
<Directory xxx>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<FilesMatch "\.(htaccess|php)$">
Order allow,deny
allow from all
ForceType text/plain
</FilesMatch>
<Location />
DAV On
AuthType Digest
AuthName "Webdav Access"
AuthDigestDomain / http://www.domain.name/
AuthDigestProvider file
AuthUserFile /data/www/digest.users
Require valid-user
php_value engine off
</Location>
</VirtualHost>
I hope this helps someone else. It took days to find all this info out on the web.
Also check the permissions of /data/www/ itself. It should be writable for the apache user.